CVE-2012-0788

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.9

Description The issue is related to the PDORow implementation in PHP, which does not properly interact with the session feature. This allows remote attackers to cause a denial of service, resulting in an application crash, by using a crafted application that utilizes a PDO driver for a fetch and then calls the session start function. This can be demonstrated by a crash of the Apache HTTP Server. The vulnerability exists due to insufficient input validation in the PDORow implementation.

Recommendations For PHP versions prior to 5.3.9, update to version 5.3.9 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the session start function in conjunction with PDO drivers to minimize the risk of exploitation. Restrict access to sensitive applications that utilize PDO drivers until the issue is resolved.